ClawShield is a constitutional execution governance layer that evaluates proposed actions against compiled policy, gates execution behind cryptographic approval tokens, and produces Ed25519-signed receipts for every decision.
ClawShield is a runtime governance system for autonomous systems and AI agents. It sits between intent and execution, enforcing that every action passes through policy evaluation before proceeding.
ClawShield uses a compiled OPA WASM policy engine with default-deny semantics. Actions are evaluated against Rego policies. Allowed actions receive a signed JWT approval token. High-risk actions require multi-signature human attestation before execution proceeds.
Every governance decision produces a SHA-256 decision hash. Every execution produces an Ed25519-signed receipt. All kernel state transitions are anchored to an append-only ChainOfFact witness ledger, creating a tamper-evident audit trail.
ClawShield is designed for operators of autonomous systems, AI agent runtimes, and enterprise toolchains that require verifiable proof of governance compliance for every action taken.